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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
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DETAILED ACTION 
Claim Rejections - 35 USC § 103 
Claims 1-4 and 6 are rejected under 35 U.S.C. 103(a) as being unpatentable over Jordan 
(2002/0073323 Al). 

In reference to claim 1 and 6, Jordan discloses a system and method for detecting 
computer viruses that attempt to gain access to restricted computer (abstract). The method 
includes writing the results and scanning the results for the presence of proscribed code (page 3 
paragraph 0028). 

Although Jordan does not expressly disclose interpreting code, Jordan discloses an 
emulator that emulates the executable code (page 3 paragraph 0028). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the emulator to perform the function of the interpreter. One of ordinary 
skill in the art would have been motivated to do this because it is desirable that the malicious 
code is not executed and the interpreter and the emulator do not execute the code, instead they 
simulate the execution of the code. 

In reference to claim 2, wherein the step of scanning further comprising a first scanning 
step for the presence of code of interest. Jordan discloses detecting modification of memory 
(page 3 paragraph 0027) and therefore code of interest. 

In reference to claim 3, wherein the first scanning step for the presence of code of interest 
further comprises scanning for a file open command or a file modify command. Jordan discloses 
detecting modification of memory (page 3 paragraph 0027). Modifying a file will modify 
memory. 
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In reference to claim 4, wherein the step of scanning further comprising a second 
scanning step for the presence of proscribed code of interest. Jordan discloses detecting 
modification of memory (page 3 paragraph 0027), the access of memory includes accessing 
restricted computer system resources; this is the presence of proscribed code. 

Claims 5, 7-12 are rejected under 35 U.S.C. 103(a) as being unpatentable over Jordan as 
applied to claim 1, and 4 respectfully above, and further in view of Shieh et al (5,278,901). 

In reference to claim 7, is rejected as in claim 1 a system and method for detecting 
computer viruses that attempt to gain access to restricted computer (abstract) . The method 
includes interpreting code (emulator) that emulates the executable code (page 3 paragraph 0028), 
a reporter and a results evaluator (page 3 paragraph 0028), whereby the file is interpreted by the 
emulator and results generated those results sent to the evaluator (detector) that determines if 
malicious code is present and then the results are reported. However Jordan does not expressly 
disclose a pattern analyzer. 

However Shieh discloses a pattern-oriented system and method of intrusion detection 
(column 4 lines 9-22). The patter-oriented system is used to detect virus propagation (xolumn 16 
lines 31 to column 17 line 30); therefore the pattern analyzer reviews patterns for the presence of 
proscribed code. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add a pattern analyzer for detection for intrusion detection as in the system by 
Shieh in the system of Jordan. One of ordinary skill in the art would have been motivated to do 
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this because patterns are a simple way of defining deviation from the normal operation of the 
system. 

In reference to claim 5, Jordan does not expressly disclose a system wherein the second 
scanning step for the presence of proscribed code of interest further comprises scanning for viral 
code or viral patterns. 

However Shieh discloses a pattern-oriented system and method of intrusion detection 
(column 4 lines 9-22). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use pattern detection for intrusion detection as in the system by Shieh in the 
system of Jordan. One of ordinary skill in the art would have been motivated to do this because 
patterns are a simple way of defining deviation from the normal operation of the system. . 

In reference to claim S, wherein the step of scanning further comprising a first scanning 
step for the presence of code of interest. Jordan discloses detecting modification of memory 
(page 3 paragraph 0027) and therefore code of interest. 

In reference to claim 9 } wherein the first scanning step for the presence of code of interest 
further comprises scanning for a file open command or a file modify command. Jordan discloses 
detecting modification of memory (page 3 paragraph 0027). Modifying a file will modify 
memory. 

In reference to claims 10-12, Jordan does not expressly disclose the pattern analyzer 
further reviews said code for the presence of code of interest. 

Shieh dislcoses the pattern analyzer reviews code for the presence of problems, or code 
of interest (column 4 line 60 to column 5 line 1 1). 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use pattern detection for code of interest as in the system by Shieh in the system 
of Jordan. One of ordinary skill in the art would have been motivated to do this because patterns 
are a simple way of defining deviation from the normal operation of the system. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W Klimach whose telephone number is (703) 305-8421. 
The examiner can normally be reached on Mon to Thr 9:30 a.m to 5:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (703) 305-4393. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

The 2100 Tech center will move to Carlyle in October 2004, The new telephone number 
for the receptionist is (571) 272-2100. The examiner's new telephone number will be (571) 272- 
3854. /) // 
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